Get the latest tech news

Defend against vampires with 10 gbps network encryption

Let's say you have a fiber optic line running between two buildings, or between two spaces you rent in the same building.

The FOD5516 Clip-on Coupler that can detect and inject light in (singlemode) optical fiberThis opens many classical man-in-the-middle attack scenarios such as forcing the downgrade of crypto protocols, redirecting traffic, etc. If you search for ways to "encrypt/secure a 802.1q trunk" you will probably read about MACsec, aka the Cisco-designed 802.1ae standard, which on paper seems to do exactly what we want, with the added benefit that if you use MACsec-capable switches on each end of the fiber, you don't need additionnal equipements to do the secure tunneling. So, we were able to build a fully open-source pair of appliances that will strongly encrypt a 10 Gbps 802.1q trunk at almost wire-speed (less than 2% performance penalty), defeating any spying vampire tapping onto the underlying network link.

Get the Android app